Source Code Auditor Career Paths

Career paths for Source Code Auditors vary. Some folks segue into auditing after working as software or web application developers; others begin specializing in programming and security during university.

A lot of Source Code Auditors wear multiple hats. An auditor may also work as a:

Source Code Auditor Salaries

Thanks to the super-specialized nature of the job, standard salary figures from the BLS and Payscale are tough to find.

By scanning all its job listings for the term “source code auditor”, SimplyHired calculates the average salary for a Source Code Auditor to be $52,000. For the term “senior source code auditor”, the average salary estimate jumps to $57,000.

Source Code Auditor Job Requirements

Degree Requirements

Employers will be looking for a bachelor’s degree in Computer Science, Cyber Security or the equivalent. Real-life programming/auditing experience may be more valuable than a master’s degree.

Work Experience

This will depend on the job listing (and listings for Source Code Auditors are rare indeed). Mid-level positions will generally ask for 2-3 years of experience in security and auditing.

Hard Skills

It goes without saying that you should have an in-depth understanding of programming languages and platforms. These can include C/C++, C#, Java/JSP, .NET, Perl, PHP, Ruby and Python.

Employers may also be interested in your knowledge of:

CERT/CC, MITRE, Sun and NIST secure coding guidelines and standards

Software and web application development practices

Penetration testing and vulnerability assessments

Soft Skills

On the whole, employers will want candidates with high ethical standards, strong problem-solving skills, the ability to communicate with technical and non-technical staff, resourcefulness and smart project management skills.

How is your eye for detail? Auditors are expected to spot the smallest issue. Along with being scrupulous, tenacious and patient, good candidates are curious. It’s not enough to accept information as given. Auditors must question everything they’re analyzing.

What’s more, a lot of these positions are moving to source code review and live pairing with developers. The soft skills required for this go far beyond most information security roles.

Certifications for Source Code Auditors

As far as we are aware, there is no dedicated certification for source code auditing (though ISACA does offer CISA, which covers the auditing of information systems). We have also listed some common penetration testing accreditations. When in doubt, ask colleagues and employers for advice.